Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
I have SQL Server 2008 installed on Windows 2008 Server.
I've disabled built-in administrator password and created sa with sysadmin privileges.
Question is: Is there any way to access to database, or back it up. or methods to reset (and / or) get password for sa?
I want to secure my database.
Thanks.
I've disabled built-in administrator password...I want to secure my database.
If you think you can disable access to built-in administrators your are chasing a phantasm. Built-in administrators will always be able to access your database, the steps to gain access are clearly documented in Connect to SQL Server When System Administrators Are Locked Out. Your database must be deployed on a system on which you completely trust the system administrators, there is no work around for this basic requirement.
Most often this question is asked as some misguided attempt to protect the perceived IP in the database. The answer to that question is that what you want is called DRM and SQL Server does not offer DRM. If you are afraid of distributing the database to your users then use a service like SQL Azure.
Users who have to have access to the SQLCmd prompt would be be able to run perform such commands. You could access the database and reset passwords the console and do something like this:
ALTER LOGIN sa WITH PASSWORD = ‘newpassword’ UNLOCK
Related
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 7 months ago.
Improve this question
I have an idea to create database user (account with username and password that can access MS SQL database with those credentials) in a SQL stored procedure, and use those credentials in my web application, when user logs in with that account, to connect and interact with database.
This way I will be able to set permissions for each account and then it won't matter if that user manages to somehow get in touch with my database without my web app, as he will not be able to make changes that he couldn't do through my web app.
In short -> security is directly in my database, not in my web app.
As you can probably tell, I'm not well versed in this type of stuff, I bet that this is already a standard way of doing security, or there's a better way.
My question is:
Can I create a DB user in MS SQL using one of it's stored procedures?
If possible, how would I go about for example changing it's password?
Or if I want to add some more information other than just username and password, I would create a table with those new colums (for example first and last name, nickname, phone number, etc), how would I go about connecting a DB user with my table?
(I imagine it would be something like 'usernames for DB users are unique, so just save the username').
As you can see I have a broad idea, and it's still a bit messy in my head, and was wondering if someone could point me in the right direction with my train of thought.
You can create a Login / User using
USE MyDatabase
CREATE LOGIN MyLogin WITH PASSWORD = 'MyStrongPassword'
CREATE USER MyUser FOR LOGIN MyLogin
To change a password
ALTER LOGIN MyLogin WITH PASSWORD = 'MyNewStrongerPassword'
To grant the user access to a table within the database:
GRANT SELECT ON MyTable TO MyUser
You can indeed do this directly within a stored procedure, though I'm not sure why you'd want to - surely this would be a one off operation by a database administrator, rather than something that would require the re-usability a stored procedure gives?
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 9 years ago.
Improve this question
I have a program that accesses a local firebird database. It has write access to this database, and we need to be able to write to this database, but do not know the username/password.
Obviously, somewhere in the PC is a connection string/username/password to be able to connect to that database. What methods could I use to find this?
I've tried process monitor to see if it accesses any registry keys but can't see any.
I've checked the installation directories for configuration files.
I've decompiled some of the DAL DLL's but can't see any hardcoding anywhere!
The vendor is no longer, so we can't go to them.
Any advice appreciated!
If with "local" you mean embedded then you actually don't need to know the password - the embedded version doesn't check password. Quote from the "README_embedded.txt" file, chapter "2.3. Authentication and security":
The security database (namely security2.fdb) is not used in the embedded server and hence is not required. Any user is able to attach to any database. Since both the server and the client run in the same address space, the security becomes just an agreement between both sides which can be easily compromised.
So you actually need only the username, and for that you can use SYSDBA - the Firebird's superuser. Note that the username is still checked, even with embedded, to assign user SQL privileges.
In addition to the answer by ain regarding use of embedded, authentication in Firebird is handled by the server and its associated security database. This means that if you copy (or better: backup and restore) a Firebird database to a different server where you know the SYSDBA password, then you can simply access the database.
However if you want continuous write access from a different process to a database that is used by a Firebird server embedded in an user application: you can't. The embedded server (at least on Windows), does not allows external connections.
Closed. This question needs to be more focused. It is not currently accepting answers.
Want to improve this question? Update the question so it focuses on one problem only by editing this post.
Closed 8 years ago.
Improve this question
I am crazy to know that, how login system works in large applications like Facebook, Gmail, youtube, yahoo etc. Once after entering credentials server is responding more quickly. How is that possible ?
There must be more db servers for storing user information. So my question is
How they look for authentication information over more db servers?
Do they look over all the db servers to check for a particular user and if so how it is responding more quickly ?
Do they allocate db server based on geographical location of the user ?
And do they also have more application servers and how these are interconnected with each other.
RDBMS have the functionality to link servers that issue distributed queries, updates, commands, and transactions on heterogeneous data sources.
The database system will use some form of cached information about the user, in SQL Server an execution plan is stored and used when a query is executed. The database management system will decide which execution plan to take in order to generate the fastest results or use a cached data set. Note: Google, Facebook, Amazon etc will lot of server processing power behind the scenes which will make it seem instantaneous. They will also have dedicated teams to manage their databases, perform indexes, tuning, optimization and identify bottlenecks.
The geographical location of the server could be a factor. The closer the server is to the user the faster they can get the information but IMO this would be a matter of nano/milli seconds difference depending on where their data center is located. If the server gets too busy then the load balance will migrate you/other users to a server with more available resources.
Yes. Using more than one web server is needed in scenarios like this and is tied in to part 3 of the question, which server you hit depends on how much available resources the closest server has and if it will accept your connection. They are distributed but the whole process seems transparent to the user, i.e. they think they are using the same server as every other client. They can be interconnected by using session management, Web Services and other interoperability techniques and technologies.
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 10 years ago.
Improve this question
Please can anyone assist with hiding the available databases on sql server 2008R2 or newer versions.
I have a new login user that I mapped to a specific database.
When logging in with the specific login user I can see all the databases on the server, although I cannot access them except for the one I mapped to the login.
This is 100% but my problem is that I do not want the login to even see that those other databases are available.
How do I prevent those other databases that are not mapped to the login from displaying?
USE master;
GO
DENY VIEW ANY DATABASE TO [newlogin];
GO
USE yourDB;
GO
DROP USER newlogin;
GO
USE master;
GO
ALTER AUTHORIZATION ON DATABASE::yourDB TO [newlogin];
GO
Raj
Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 11 years ago.
Improve this question
I have a web application using a database in SQL Server 2008. I am the developer of this project and this project has been hosted elsewhere.
I've delivered the project to the administrator. Now the administrator is able to connect to SQL Server but I don't want the administrator to be able to see the database tables.
Is there any way to do this?
I've seen this done before by the makers of ACT. Their product installs a new instance of SQL Server Express and as part of that process they encrypt the sa password for the instance. This makes it 'impossible' for others to connect to the database using anything other than their product and add-on tools.
I don't know exactly how they do it, but perhaps you could search for encrypting sa password or something similar and find out how to do it.
Shy of installing your own instance of SQL Server I am not sure how you would go about this.
Bear in mind that your application will need to then provide the ability to backup, tune, modify, etc the database as the DBA would not have access to the instance of SQL Server.
Incidentally, we threw ACT out once we saw this - I didn't, and still don't, like the idea of a black box running on one of our servers.
In the end, you'll probably find that this added layer of protection (for you, not the client) just isn't worth the aggravation. While you may have proprietary information in the form of the database schema the odds of the client reverse engineering your application and then making their own are slim. Even if they did, it is hard to make good software - they likely wouldn't get it 'right' anyway.
My advice, don't worry about this, focus on making your software great so there is no reason for them to roll their own or look elsewhere.
Simple: No, he is DBA. He can not do his job without the ability to work with the database. Get over your objections.
You cannot limit the rights of an administrator on a server.
The administrator also has access to pretty much all tables that store your encryption keys, so TDE won't work.
If he is a security admin or one of the other roles, that might solve the issue as by default such roles has no permissions on your data.
SQL Administrators normally have these roles to protect your data. They need it.
If the data is very sensitive, you need to use alternative means to secure it, such as applying your own encryption before saving the sensitive values. (AES etc.)